Sync with plan

afonsoa00 · Oct 4, 2023 · c544545 · c544545
1 parent b9a5095
commit c544545
Showing 1 changed file with 111 additions and 0 deletions.
diff --git a/.github/workflows/jit-security.yml b/.github/workflows/jit-security.yml
@@ -22,6 +22,17 @@ jobs:
       with:
         security_control: registry.jit.io/control-enrichment-slim:latest
 
+  remediation-pr:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'remediation-pr' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-remediation-pr'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+    - name: remediation-pr
+      uses: jitsecurity-controls/[email protected]
+      with:
+        security_control: registry.jit.io/open-remediation-pr-alpine:latest
+        security_control_output_file: /opt/code/jit-report/results.json
+
   secret-detection:
     if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'secret-detection' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-secret-detection'
     runs-on: ubuntu-20.04
@@ -32,4 +43,104 @@ jobs:
       with:
         security_control: registry.jit.io/control-gitleaks-alpine:latest
         security_control_output_file: /tmp/report.json
+
+  static-code-analysis-csharp:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-csharp' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+    - name: semgrep
+      uses: jitsecurity-controls/[email protected]
+      with:
+        security_control: registry.jit.io/control-semgrep-alpine:latest
+
+  static-code-analysis-go:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-go' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+    - name: gosec
+      uses: jitsecurity-controls/[email protected]
+      with:
+        security_control: registry.jit.io/control-gosec-alpine:latest
+
+  static-code-analysis-java:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-java' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+    - name: semgrep
+      uses: jitsecurity-controls/[email protected]
+      with:
+        security_control: registry.jit.io/control-semgrep-alpine:latest
+
+  static-code-analysis-js:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-js' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+    - name: semgrep
+      uses: jitsecurity-controls/[email protected]
+      with:
+        security_control: registry.jit.io/control-semgrep-alpine:latest
+
+  static-code-analysis-kotlin:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-kotlin' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+    - name: semgrep
+      uses: jitsecurity-controls/[email protected]
+      with:
+        security_control: registry.jit.io/control-semgrep-alpine:latest
+
+  static-code-analysis-php:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-php' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+    - name: semgrep
+      uses: jitsecurity-controls/[email protected]
+      with:
+        security_control: registry.jit.io/control-semgrep-alpine:latest
+
+  static-code-analysis-python-semgrep:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-python-semgrep' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+    - name: semgrep
+      uses: jitsecurity-controls/[email protected]
+      with:
+        security_control: registry.jit.io/control-semgrep-alpine:latest
+
+  static-code-analysis-rust:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-rust' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+    - name: semgrep
+      uses: jitsecurity-controls/[email protected]
+      with:
+        security_control: registry.jit.io/control-semgrep-alpine:latest
+
+  static-code-analysis-scala:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-scala' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+    - name: semgrep
+      uses: jitsecurity-controls/[email protected]
+      with:
+        security_control: registry.jit.io/control-semgrep-alpine:latest
+
+  static-code-analysis-swift:
+    if: fromJSON(github.event.inputs.client_payload).payload.workflow_job_name == 'static-code-analysis-swift' && fromJSON(github.event.inputs.client_payload).payload.workflow_slug == 'workflow-sast'
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+    - name: semgrep
+      uses: jitsecurity-controls/[email protected]
+      with:
+        security_control: registry.jit.io/control-semgrep-alpine:latest